CISOs lack budget needed to deal with AI problems

Budget continues to be the biggest pain point and challenges CISOs in Asia are facing right now when it comes to deploying AI securely, says Mark Johnston, Director, Office of the CISO, Asia Pacific, Google Cloud.

As organizations around the Asia Pacific region continue to invest heavily in AI, many are still concerned about the potential security risks that can arise from this. While organizations are taking a more cautious approach to deploying their AI use cases, the reality is some companies are still struggling in ensuring that this is being done securely.

Specifically, CISOs in the region believe that not enough is being invested in securing AI development and deployments in organizations. While they acknowledge the need for security AI, the lack of budget to ensure it is beginning to cause some challenges and could be a problem in the long run.

“Most CISOs don't get a budget to deal with the AI problem. They didn't get an extra budget to deal with that. It just came into their current role. But they’ve been given a whole bunch of challenges to deal with. And so, the pressure and scale upon those particular leaders is definitely growing. Their tasks are accelerating, and we look at the statistics, we're now seeing more noise. It may not be even super sophisticated, but more noise is more overhead. And that costs more to deal with than the business,” explained Mark Johnston, Director, Office of the CISO, Asia Pacific, Google Cloud.

Johnston also pointed out that CISOs are looking for partners who can help accelerate that without having to hire more staff or get larger budgets.

“I definitely see budget pressure as a big issue in the region, to be honest. And different countries are struggling with that differently based on regulation and other areas accordingly. Some are leading and really pushing companies to invest. And of course, that has its own struggles for companies too,” added Johnstone.

He also mentioned that while every security leader understands the need to develop and deploy AI securely, it is one of the problems that drives the budget and the resource conversations as organizations adopt new technologies.

Consolidation done right

The problem of the lack of budget for AI security is quite similar to the initial problem companies had when deploying the cloud. While the issues of cloud security continue to be addressed, the issues on AI security will require teams to be reskilled to understand the processes and skills to cope with the technology.

However, with companies struggling with the many complexities in security management, consolidating security options to take a more managed approach over a platform is what more companies are opting for. While this is definitely a cost-saving option in the long run, the consolidation needs to be done right.

“The consolidation is definitely happening in this space. And as a very large cloud vendor in this marketplace, we've been working to make sure we've got the right tools and technologies to help customers navigate their workload, not just on Google Cloud, but also the ability to do multi-cloud, whether it be through our open source technologies or our technologies that reach into other providers and spaces to help them modernize where they are in this space. We've even got on-prem solutions now in our cloud offerings in that space,” said Johnston.

For Johnston, As Google Cloud matures as an enterprise organization, the focus will be to be able to get and help the customer where they are and where they need to go. This is where he believes the new capabilities acquired through the Mandiant acquisition as well as the acquisition intent with Wiz can help customers modernize and improve their current security posture to get to that operating like Google idea.

With organizations in the region facing different challenges, it’s all about understanding how to use the technology and working with the right partners to deploy it.

“In AI right now, there's 1,000 different options. And if you look at security, some of the major players out there who are doing acquisitions and coming together. There's definitely a consolidation to more trusted partners that can help across the stack versus the bolted-on approach, which really hasn't worked to date. And that, I think, is something of frustration. Security leaders and CISOs are really tired of trying to get four different products to work to each other, and that there's no one vendor to unite them all as such in this space,” added Johnston.

Looking at the work Google Cloud has been doing with the office of the CISO from a security perspective, Johnston believes they are helping customers work on the cloud with a whole series of security advantages. At the end of the day, it's all about getting it right and being part of the shared fate scope of responsibilities.

“It's done well, done right. That's why we're excited about focusing on cloud security and the acquisition we're to go through (referring to the potential Wiz acquisition), because it's an opportunity for us to help the customers be secure on cloud and therefore be more secure in general. And then once you're on cloud and you're secure, you can then take advantage of some of the inherent properties of cloud and use AI to really put in place some very strong defenses, things that you wouldn't have been able to do with more traditional technology,” he concluded.